Queens College placed second in the Information Systems Audit and Control Association (ISACA) 2024 Cybersecurity Case Study Competition. This is the second time that QC has finished in the top three of the competition.
The ISACA NY Metropolitan Chapter Cybersecurity Case Study Competition places students in a simulated real-world cybersecurity challenge and asks them to propose solutions. Teams work from Harvard Business School case studies and articles to develop a presentation. The presentations are judged, and the top three teams are selected for interviews with cybersecurity executives.
This year's challenge was the 2020 SolarWinds supply chain attack, in which a trojanized update to SolarWinds' Orion software led to a series of data breaches at organizations around the world, including multiple U.S. federal agencies.
Team Solar Eclipse, the team of QC students, argued that the SolarWinds hack mattered because a single compromised vendor turned into a supply chain attack reaching thousands of organizations. SolarWinds makes network and infrastructure management software; its Orion platform was an attractive target precisely because it was trusted and widely deployed across government agencies and large companies, so a signed update from SolarWinds was installed without question.
SolarWinds' own reconstruction of the timeline puts the attackers' reconnaissance in January 2019 and their first access to the SolarWinds environment on Sept. 4, 2019. From Sept. 12 to Nov. 4, 2019, they ran a test code injection into the Orion build, altering a shipped binary without yet adding a backdoor, to confirm they could tamper with the product undetected.
The attackers also compromised SolarWinds Microsoft Office 365 accounts and used them for lateral movement, the technique by which an intruder expands from an initial foothold to other accounts and systems. In February 2020 the Sunburst backdoor was compiled into an Orion update for the first time, and customers installed the trojanized builds through the spring. The breach was not identified until December 2020, when the security firm FireEye, investigating an intrusion into its own network, traced it to the Orion update and disclosed it on Dec. 13; SolarWinds shipped a fixed release two days later. Volexity reported that it had responded to the same actor in a customer environment as early as late 2019, so the backdoor had gone undetected for more than a year.
The malicious build was the work of a multi-stage toolkit: Sunspot, Sunburst, Teardrop, and Raindrop. Sunspot ran on the SolarWinds build server, waited for the Orion build to start, swapped in a modified source file so that the compiled SolarWinds.Orion.Core.BusinessLayer.dll contained Sunburst, and then restored the original file. Because the DLL was built and signed by SolarWinds' own pipeline, it passed every signature check downstream. Once installed, Sunburst stayed dormant for 12 to 14 days and checked the host for security and analysis tools before making contact, then beaconed over DNS to an attacker-controlled domain. Only on victims the attackers selected did they follow up with Teardrop or Raindrop, memory-only loaders that delivered a Cobalt Strike beacon for hands-on access. Inside those networks the attackers used Golden SAML: having stolen an organization's AD FS token-signing certificate, they forged SAML assertions for any user, including administrators, and used them to reach cloud services such as Microsoft 365 while bypassing passwords and MFA. Golden SAML was therefore a post-compromise privilege escalation and persistence technique, not the way the attack began.
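The Sunspot step is the one a build pipeline can actually defend against, so here is an added example written for this article (it is not code from SolarWinds, CrowdStrike or Team Solar Eclipse). It assumes a constructed two-file source tree and a toy deterministic "compiler" standing in for MSBuild; the file name InventoryManager.cs is the one CrowdStrike reported Sunspot replacing. It shows why hashing the source tree before and after the build misses a swap that restores the original file, and why an independent rebuild of the same sources catches it.

```python
# Added example for this article: it is not code from SolarWinds, CrowdStrike
# or Team Solar Eclipse. The two-file source tree and the toy "compiler" are
# constructed stand-ins; InventoryManager.cs is the file CrowdStrike reported
# Sunspot replacing during the Orion build.
import hashlib
import tempfile
from pathlib import Path


def snapshot(src):
    """Map every file under src (relative path -> SHA-256 hex digest)."""
    return {
        str(p.relative_to(src)): hashlib.sha256(p.read_bytes()).hexdigest()
        for p in sorted(src.rglob("*"))
        if p.is_file()
    }


def compile_tree(src):
    """Toy deterministic compiler standing in for MSBuild: the 'artifact' is a
    digest over the .cs files in sorted order, so any change to any input
    changes the output."""
    h = hashlib.sha256()
    for p in sorted(src.rglob("*.cs")):
        h.update(str(p.relative_to(src)).encode())
        h.update(p.read_bytes())
    return h.digest()


def sunspot_style_build(src, target, payload):
    """Constructed simulation of the Sunspot pattern: replace one source file
    just before compilation and restore the original right after, so the
    checked-in tree looks untouched once the build has finished."""
    victim = src / target
    original = victim.read_bytes()
    try:
        victim.write_bytes(original + payload)
        return compile_tree(src)
    finally:
        victim.write_bytes(original)


def source_tree_check(src, build):
    """The naive control: hash the tree before and after the build and require
    it to be unchanged. Returns (tree_unchanged, artifact)."""
    before = snapshot(src)
    artifact = build(src)
    after = snapshot(src)
    return before == after, artifact


def independent_rebuild_check(clean_src, artifact_from_build_host):
    """The control that works: rebuild the same tagged sources on a separate,
    trusted builder and compare artifacts. A mismatch means the production
    build host changed an input or output between checkout and signing."""
    return compile_tree(clean_src) == artifact_from_build_host


def make_tree(root):
    """Write the constructed two-file source tree used by the demo."""
    (root / "InventoryManager.cs").write_text("class InventoryManager {}\n")
    (root / "Main.cs").write_text("class Main {}\n")


def demo():
    """Run a clean build and a Sunspot-style build through both controls."""
    with tempfile.TemporaryDirectory() as d:
        src = Path(d)
        make_tree(src)
        clean_ok, clean_artifact = source_tree_check(src, compile_tree)
        tampered_ok, tampered_artifact = source_tree_check(
            src,
            lambda s: sunspot_style_build(s, "InventoryManager.cs", b"// SUNBURST\n"),
        )
        return {
            "clean_tree_unchanged": clean_ok,
            "clean_rebuild_matches": independent_rebuild_check(src, clean_artifact),
            # True: the swap left no trace, so the naive check is a false negative
            "tampered_tree_unchanged": tampered_ok,
            # False: the independent rebuild disagrees with the build host's output
            "tampered_rebuild_matches": independent_rebuild_check(src, tampered_artifact),
        }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The point of the second control is what reproducible builds buy you: two builders that do not share a host must agree on the artifact hash before it is signed and published, so an attacker has to compromise both instead of one.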
Team Solar Eclipse proposed a response built around outside specialists, CrowdStrike, KPMG, and the law firm DLA Piper, the same firms SolarWinds actually retained. On Dec. 13, senior leaders gathered to review the response, coordinate the workstreams, and issue communications about the attack. Updates were released on Dec. 15 to remove the malicious code. Although roughly 18,000 customers had downloaded the trojanized update, fewer than 100 were actually intruded upon by the threat actors.
With that analysis, QC placed second out of 23 schools in the competition. Enrollment for the 2025 Case Study has already begun.